18 matches found
EUVD-2023-46603
Malicious code in bioql PyPI...
CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...
CVE-2023-42144
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...
CVE-2023-42144
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...
CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...
Design/Logic Flaw
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...
Shelly TRV Security Vulnerability
Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v2.1.8, which stems from a lack of integrity checking and allows a malicious user to create a backdoor via redirection...
CVE-2023-42143
CVE-2023-42143 affects Shelly TRV, version 20220811-152343/v2.1.8. The issue is a Missing Integrity Check that can let an attacker redirect the device to a controlled host serving manipulated firmware, leading to the device updating with compromised firmware. The available documents do not provid...
CVE-2023-42144
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...
Shelly TRV Security Vulnerability
Shelly TRV is a Wi-Fi connected radiator thermostat from Shelly. A security vulnerability exists in Shelly TRV version 20220811-152343 v.2.1.8, which stems from a plaintext transmission during initial setup that allows a local attacker to obtain the Wi-Fi password...
CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...
PT-2024-13034 · Allterco · Shelly Trv
Name of the Vulnerable Software and Affected Versions: Shelly TRV version 2.1.8 Description: The issue allows a local attacker to obtain the Wi-Fi password due to cleartext transmission during the initial setup. Recommendations: For Shelly TRV version 2.1.8, update to a version that addresses the...
CVE-2023-42143
Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware...
CVE-2023-42144
Cleartext Transmission during initial setup in Shelly TRV 20220811-15234 v.2.1.8 allows a local attacker to obtain the Wi-Fi password...
CVE-2023-42144
CVE-2023-42144 affects Shelly TRV 20220811-15234 v2.1.8. Root cause is cleartext transmission during initial setup, enabling a local attacker to obtain the Wi‑Fi password. Public exploit details are not provided. Remediation guidance in the connected docs points to updating Shelly TRV to a versio...
CVE-2018-13581
The CVE-2018-13581 issue is an integer overflow in the mintToken function of TravelCoin (TRV) smart contract. The overflow enables the contract owner to set the balance of any user to an arbitrary value, implying a control- or balance- manipulation vulnerability in the token implementation. Affec...
trouver-ouvert.fr XSS vulnerability
Open Bug Bounty ID: OBB-207997 Description| Value ---|--- Affected Website:| trouver-ouvert.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Unfixed XSS vulnerability at ibe.s7.ru
Security researcher trv, has submitted on 04/01/2011 a cross-site-scripting XSS vulnerability affecting ibe.s7.ru, which at the time of submission ranked 17935 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently unfixed...